Bug 550364

Summary: Restrict access to host settings
Product: [openSUSE] openSUSE 11.2 Reporter: Josef Reidinger <jreidinger>
Component: WebYaSTAssignee: Klaus Kämpf <kkaempf>
Status: RESOLVED FEATURE QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P4 - Low    
Version: Factory   
Target Milestone: Future 11.3   
Hardware: Other   
OS: Other   
Whiteboard: security
Found By: Development Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 514382    

Description Josef Reidinger 2009-10-27 11:40:23 UTC 
Attacker can change freely url of target machine. This can lead to man-in-middle attack. ( e.g. change mymachine.org to mymachnie.org and privileged user use this fake site to login)
Comment 1 Klaus Kämpf 2009-11-02 09:25:32 UTC 
Not relevant for appliance release, target machine is fixed to 'localhost'
Comment 2 Klaus Kämpf 2009-11-17 13:19:39 UTC 
Closing as feature since multi-host must be re-designed after release.
Comment 3 Klaus Kämpf 2009-11-17 13:20:54 UTC 
*** Bug 550366 has been marked as a duplicate of this bug. ***